package com.hh.mall.comfig;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    /**
     * 配置一些http请求的配置
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 关闭跨栈请求攻击
        http.csrf().disable();
        // 放行一个监控的路径 /actuator/** admin监控 匹配路径
        // 放行
        http.authorizeRequests()
                .antMatchers("/actuator/**")
                .permitAll();
//        http.formLogin();
//        http.authorizeRequests().anyRequest().authenticated();
        // 配置了关闭跨栈请求
        super.configure(http);
    }
}
